Corporations looking to implement electronic-signature networks face formidable challenges related to technology and process standards, consumer protection requirements and conflicting state and federal regulations, say users and industry representatives.
As a result, one year after the Electronic Signatures in Global and National Commerce Act went into effect, use of e-signatures for e-commerce is well below expectations, they said.
"Adoption by industry has been a good bit slower than most people would have expected," said Thomas Crocker, a lawyer at Washington-based Alston & Bird LLP who earlier this year submitted comments on the issue to the Federal Trade Commission.
The so-called E-Sign legislation gives electronic signatures and contracts the same legal standing as their ink counterparts. But although it arrived with much fanfare and hype, the law has failed to trigger any widespread adoption of electronic signatures, said Steve Schutze, director of e-strategies at the Washington-based American Bankers Association. The organization represents nearly 98 percent of all banks operating in the U.S.
"Even though it's been a year, people are still asking about how to implement e-signatures and finding out how to manage their risk, as well as protect customer assets and their own interest," Schutze said.
That's because "the E-Sign act, in its present form, fails to deliver on its promises of uniformity, consistency and legal certainty," Crocker said.
For starters, the E-Sign law doesn't specify what constitutes an electronic signature, leaving it to the industry to develop the needed standards, according to Meredith Hickman, an analyst at Celent Communications LLC in New York. Everything from passwords and personal identification numbers to dual-key encryption, digital certificates and biometrics can be used as electronic signatures. "Therefore, there is no obvious choice for companies to choose when building out their infrastructure," said Hickman.
Companies are particularly reluctant to use electronic signatures for big transactions, such as signing a mortgage contract, said Richard Lewis, chief technology officer at ClosingGuard.com Inc., a New York-based mortgage closing services company. That's because there isn't yet a reliable way to establish the identity of people online, Lewis said.
Unlike driver's licenses and other legal forms of identification, most of the forms of ID used online, such as digital certificates, are issued by a variety of vendors, not by a single governing entity, he said.
And since there's no case law based on the use of electronic signatures, there's no telling how an electronically signed document such as a mortgage contract would hold up if challenged in court 10 years down the road, Lewis said.
A lack of common standards among the infrastructure technologies in an e-signature network only compounds this problem, said Tom Greco, president of Digital Signature Trust Co., a digital certificate vendor in Salt Lake City.
It's also crucial for companies to understand the technology and business implications of the consumer protection provisions built into the E-Sign law, said Eric Goldberg, assistant counsel at the Washington-based American Insurance Association, which represents more than 370 large and small insurers nationwide.
Under the E-Sign law, companies that accept electronic signatures have to go through a series of steps to inform consumers about other options and get their consent. Companies also need to ensure that consumers reasonably demonstrate their ability to store and access digital documents before they are allowed to send and receive digital documents.
Such stipulations can result in a legal quagmire for companies, Goldberg said.
Dueling state and federal statutes are also a major problem, Crocker said.
In July 1999, the Chicago-based National Conference of Commissioners on Uniform State Laws adopted the Uniform Electronic Transactions Act (UETA), which like E-Sign, legalizes electronic documents and signatures. The consumer consent provisions of UETA aren't quite as stringent as those in E-Sign. But because of the way E-Sign has been drafted, some of the states that adopted UETA are sticking to its provisions. In other states, it's not clear which law businesses should follow.
As a result, companies, especially those with operations in multiple states, aren't sure how to proceed, Goldberg said.